Add a note in
Add a general note using the
/note command in . Only general notes are supported.
Use the following format:
/note "<title>" <note body>
You can use a datapath with a note to add additional information to a note. See Use a datapath in . This is shown in the following example:
/note "Attackers" Based on geolocate ip, attacks originated from artifact:*.ip
The above example results in a note added with the title "Attackers" and a body that looks like the following:
Based on geolocate ip, attacks originated from [22.214.171.124, 126.96.36.199]
Notes and datapaths
You can use a datapath anywhere in a note title or body. The datapath is evaluated as a Python style list, and creates a single note with the results listed in it.
See Use a datapath in .
Run a playbook in
Update or edit an event in
This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.1.0, 5.2.1, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.4.0